CVE-2014-0191
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation i...
Oracle Solaris Third-Party Patch Update : libxml2 (cve_2010_4008_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which...
Oracle Solaris Third-Party Patch Update : libxml2 (cve_2013_0338_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many referenc...
Oracle Solaris Third-Party Patch Update : libxml2 (cve_2012_5134_buffer_overflow)
The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer underflow in the xmlParseAttValueComplex function in parser.c in libxml2 2.9.0 and earlier, as used in Google Chrome before 23.0.1271.91 and other products, allows remote attackers to cause a...
Oracle Solaris Third-Party Patch Update : libxml2 (cve_2014_0191_denial_of)
The remote Solaris system is missing necessary patches to address security updates. The descriptive text and package checks in this plugin were extracted from the Oracle Third Party software advisories...
Oracle Solaris Third-Party Patch Update : libxml2 (cve_2011_0216_denial_of)
The remote Solaris system is missing necessary patches to address security updates : - Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site...
Oracle Solaris Third-Party Patch Update : libxml2 (cve_2013_1969_resource_management)
The remote Solaris system is missing necessary patches to address security updates : - Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors...
Fedora Update for mingw-libxml2 FEDORA-2014-17609
The remote host is missing an update for the...
Fedora Update for mingw-libxml2 FEDORA-2014-17573
The remote host is missing an update for the...
[SECURITY] Fedora 20 Update: mingw-libxml2-2.9.2-1.fc20
MinGW Windows libxml2 XML processing library...
Fedora 21 : mingw-libxml2-2.9.2-1.fc21 (2014-17609)
Update to libxml2 2.9.2. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 20 : mingw-libxml2-2.9.2-1.fc20 (2014-17573)
Update to libxml2 2.9.2. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Mandriva Linux Security Advisory : openafs (MDVSA-2014:244)
Multiple vulnerabilities have been found and corrected in openafs: Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver ACL entry (CVE-2013-1794). Integer...
GLSA-201412-06 : libxml2: Denial of Service
The remote host is affected by the vulnerability described in GLSA-201412-06 (libxml2: Denial of Service). parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled. Impact : A context-dependent attacker could entice a user to a...
VMware fixes XSS vulnerabilities and a certificate validation issue
VMware this week released a series of patches that fix multiple vulnerabilities, including in its server virtualization platform. A vulnerability exists in VMware vCenter Server Appliance (vCSA), a component of VMware vCenter Server. The main XSS vulnerability, CVE-2014-3797, by Trustwave SpiderLabs...
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
VMware Security Advisory. Advisory ID: VMSA-2014-0012. Synopsis: VMware vSphere product updates address security vulnerabilities. Issue date: 2014-12-04. Updated on: 2014-12-04...
libxml2: Denial of service
Background: libxml2 is the XML C parser and toolkit developed for the Gnome project. Description: parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled. Impact: A context-dependent attacker could entice a user to a specially craft...
VMSA-2014-0012 : VMware vSphere product updates address security vulnerabilities
a. VMware vCSA cross-site scripting vulnerability. VMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page. VMwa...
F5 Networks BIG-IP : libxml2 vulnerability (SOL15872)
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a...
SOL15872 - libxml2 vulnerability CVE-2014-3660
parser.c in libxml2 before 2.9.2 does not properly prevent entity expansion even when entity substitution has been disabled, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted XML document containing a large number of nested entity references, a...